On 24 June 2011 17:35, <stefano.stabellini@eu.citrix.com> wrote:
> +out_error:> + qemu_free(blkdev->params);> + qemu_free(blkdev->mode);> + qemu_free(blkdev->type);> + qemu_free(blkdev->dev);> + qemu_free(blkdev->devtype);> + return -1;
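Review bot: the out_error path frees blkdev->params, mode, type, dev and devtype but leaves the five pointers set, so if the init routine can be entered again after returning -1, or a teardown later frees the same fields, the stale pointers are freed a second time. Clear each pointer right after its free, e.g. `qemu_free(blkdev->params); blkdev->params = NULL;`, and likewise for the other four, so a repeated cleanup becomes a no-op. Note the frees are unconditional, which is only safe if qemu_free accepts NULL for fields that were never assigned before the jump to out_error.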
It occurred to me that this could result in a double-free if it's
possible to call init again (or to call free) after the init
routine has returned failure. I don't know enough about the
Xen device lifecycle to know if that's possible, though -- is it?
thanks
-- PMM

On Sat, 25 Jun 2011, Peter Maydell wrote:
> On 24 June 2011 17:35, <stefano.stabellini@eu.citrix.com> wrote:> > +out_error:> > + qemu_free(blkdev->params);> > + qemu_free(blkdev->mode);> > + qemu_free(blkdev->type);> > + qemu_free(blkdev->dev);> > + qemu_free(blkdev->devtype);> > + return -1;> > It occured to me that could result in a double-free if it's> possible to call init again (or to call free) after the init> routine has returned failure. I don't know enough about the> Xen device lifecycle to know if that's possible, though -- is it?
It shouldn't happen, but xen_disk should be able to cope with it
nonetheless.
I am going to resend the patch again setting to NULL all the blkdev
fields after freeing them.
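
The lifecycle question raised above, as an added example that is not QEMU's or xen_disk's code: a stand-in struct with the five fields named in the hunk, an init whose error path frees and clears them, and a teardown that can then be called any number of times, including after a failed init. The struct name, the init arguments, the validation rule and the sample strings are assumptions made for the illustration; plain free() stands in for qemu_free().

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not QEMU or xen_disk code. The field names follow the
 * quoted hunk; the struct name, init arguments and validation rule are
 * assumptions. Plain free() stands in for qemu_free(); both accept NULL. */
struct blkdev_example {
    char *params;
    char *mode;
    char *type;
    char *dev;
    char *devtype;
};

/* Free a field and clear the pointer, so a later cleanup sees NULL
 * instead of a stale pointer to already-freed memory. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* Teardown. Idempotent: a second call, or a call after a failed init
 * that cleared its pointers, frees nothing. */
void blkdev_example_free(struct blkdev_example *b)
{
    FREE_AND_NULL(b->params);
    FREE_AND_NULL(b->mode);
    FREE_AND_NULL(b->type);
    FREE_AND_NULL(b->dev);
    FREE_AND_NULL(b->devtype);
}

/* 1 if no field owns memory, i.e. another init or free is safe. */
int blkdev_example_is_clear(const struct blkdev_example *b)
{
    return b->params == NULL && b->mode == NULL && b->type == NULL &&
           b->dev == NULL && b->devtype == NULL;
}

/* Init shaped like the hunk under review: copy the strings, validate,
 * and on failure free everything. Unlike the hunk as posted, each
 * pointer is reset to NULL after free, so a repeated init or a free
 * after -1 cannot double-free. */
int blkdev_example_init(struct blkdev_example *b, const char *params,
                        const char *mode, const char *type,
                        const char *dev, const char *devtype)
{
    b->params  = dup_str(params);
    b->mode    = dup_str(mode);
    b->type    = dup_str(type);
    b->dev     = dup_str(dev);
    b->devtype = dup_str(devtype);
    if (!b->params || !b->mode || !b->type || !b->dev || !b->devtype) {
        goto out_error;   /* allocation failure */
    }
    /* Assumed validation rule: mode is "r" or "w", type "phy" or "file". */
    if (strcmp(b->mode, "r") != 0 && strcmp(b->mode, "w") != 0) {
        goto out_error;
    }
    if (strcmp(b->type, "phy") != 0 && strcmp(b->type, "file") != 0) {
        goto out_error;
    }
    return 0;

out_error:
    /* Same order as the hunk, but every field is left NULL. */
    FREE_AND_NULL(b->params);
    FREE_AND_NULL(b->mode);
    FREE_AND_NULL(b->type);
    FREE_AND_NULL(b->dev);
    FREE_AND_NULL(b->devtype);
    return -1;
}

/* Walks the lifecycle asked about in the thread: failed init, free,
 * init again, double teardown. Returns 0 if every step is safe,
 * otherwise the number of the failing step. Sample strings are constructed. */
int blkdev_example_scenario(void)
{
    struct blkdev_example b = { 0 };
    if (blkdev_example_init(&b, "vdev=xvda", "rw", "phy", "/dev/loop0",
                            "disk") != -1 || !blkdev_example_is_clear(&b)) {
        return 1;   /* bad mode must fail and leave no owned memory */
    }
    blkdev_example_free(&b);            /* free after failure: no-op */
    if (blkdev_example_init(&b, "vdev=xvda", "w", "phy", "/dev/loop0",
                            "disk") != 0 || blkdev_example_is_clear(&b)) {
        return 2;
    }
    blkdev_example_free(&b);
    blkdev_example_free(&b);            /* double teardown: still safe */
    return blkdev_example_is_clear(&b) ? 0 : 3;
}
```

The point of clearing on the error path is that the struct is back in the same state a fresh zeroed struct would be in, so the caller does not need to know whether init succeeded before deciding whether a free is safe.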